What do bring-your-own-device policies mean for your business security?
Around 85% of adults between the ages of 18 and 64 in the United States own a smartphone. Those devices are increasingly extensions of our selves. Unlike our home desktop systems, our phones don't stay behind when we leave for work.
Every day is bring-your-phone-to-work day
It's not surprising that the allure of increased productivity and up-front cost savings ushered in a boom of workplaces embracing BYOD (Bring Your Own Device) for their employees.
Almost three-fourths of the companies that responded to a 2015 ZDNet survey either already permitted or were planning to permit BYOD in their workplace. Mobility has become a fundamental aspect of organizational operations across industries. A 2016 Syntonic report found that 87% of companies depend on employee access to mobile business apps. BYOD has offered the path of least resistance (and low initial outlay) to companies who take advantage of employees' need to be connected.
A whole nother layer of security risk
But there's a counterbalance to everything that makes BYOD so attractive. There's greater potential for data breaches and other expensive security risks with the use of non-standardized mobile devices that leave the workplace when employees do. That has led some companies to opt instead for the control of company-owned devices, despite increased up-front expenses.
Smartphones make an irresistible hacker target, a one-stop cybercriminal shop loaded with both personally identifiable information and potential tunnels into troves of organizational data. By the end of 2017, more than 800 distinct vulnerabilities were identified in the Android operating system. iPhone OS vulnerabilities rang in at just under 400. Those are the kinds of weaknesses that hackers exploit to gain access to data riches.
BYOD security risks include but aren't limited to
Data leakage from unsecured devices
Insecure usage of a device by family members or friends outside work
Device compromise by malicious apps
Bluetooth and wi-fi hotspot exposure to eavesdropping and impersonation
Data loss/compromise if the device is lost or stolen or an employee is terminated
Comingling of corporate and personal data
Battening your BYOD hatches
For companies who weigh the benefits as greater than the risk and opt to take the BYOD gamble, strict oversight of employee device use is essenti
Put in place a clear, robust BYOD policy laying out privacy rights and security responsibilities and require signed acknowledgement from employees.
Outline limits on acceptable device uses, activities and third-party apps./li>
Deploy mobile device management (MDM) software to handle all devices connected to the organization's network.
Set device access protocols--time-out locking, password strength requirements, and biometric (fingerprint, facial recognition, iris scan) device unlocking.
Install security updates regularly.
Train, train, and retrain to keep employees vigilant in policy adherence.
Make sure your organization adopts a proactive approach to the security and liability challenges presented by evolving technology and workplace innovations. Call ELBO Computing Resources at 605-728-1157 to see how we can help your business develop effective IT management strategy.